Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Security of Voter Registration Databases

READ-ONLY SITE MATERIALS: Historical voting TWiki site (2015-2020) ARCHIVED from https://collaborate.nist.gov/voting/bin/view/Voting

This topic is for discussions of security-related issues associated with Voter Registration Databases.

Security Considerations

Information Types

  • Names and addresses of voters
  • Identification numbers, including drivers license and/or full/partial social security numbers
  • Mapping to precincts
  • Status information: e.g., party affiliation, UOCAVA status
  • Voter histories

Security Objectives and Impact Levels

  • Confidentiality: Moderate
  • Integrity: Moderate
  • Availability: Moderate

Notes:

  • VRDB components may include:
    • Voter Registration Database back-end
    • Client/interface for election officials (may be networked)
    • Possible online voter registration component
  • VRDBs store large amounts of personally-identifiable information, some of which is sensitive.
    • Centralization at state levels increases the impact of failures, breaches, or other incidents.
  • Loss of availability or integrity of the VRDBs could be highly disurptive.
    • Paper and/or offline electronic pollbooks could provide backups to online/networked systems.
    • Provisional ballots provide a fallback option in the event of an irrecoverable failure, but the time and effort required to process provisional ballots is significant.
  • State VRDBs could be networked with county systems, either in real-time or at regular intervals.

VVSG Security Gap Analysis

Applicability of the VVSG 1.1 and/or draft VVSG 2.0

  • VVSG 1.1: Out of scope
  • VVSG 2.0: Out of scope

Estimated Level-of-Effort to Address

  • Significant- existing security requirements primarily developed for embedded systems, not databases or online systems
  • General cybersecurity best practices for IT systems could be applied/tailored to VRDBs

Gap Areas

  • Telecommunications requirements
  • Operational security best practices could be developed separate from system-level requirements
  • Potential overlap/links to EPollbooks Security

Related Resources:

  • ACM, Statewide Databases of Registered Voters: Study of Accuracy, Privacy, Usability, Security and Reliability Issues commisioned by the US Public Policy Commitee of the Association for Computing Machinery. Feb. 2006. Full Report.
     

Voting TWiki Archive (2015-2020): read-only, archived wiki site, National Institute of Standards and Technology (NIST)


ARCHIVE SITE DESCRIPTION AND DISCLAIMER

This page, and related pages, represent archived materials (pages, documents, links, and content) that were produced and/or provided by members of public working groups engaged in collaborative activities to support the development of the Voluntary Voting System Guidelines (VVSG) 2.0. These TWiki activities began in 2015 and continued until early 2020. During that time period, this content was hosted on a Voting TWiki site. That TWiki site was decommissioned in 2020 due to technology migration needs. The TWiki activities that generated this content ceased to operate actively through the TWiki at the time the draft VVSG 2.0 was released, in February of 2020. The historical pages and documents produced there have been archived now in read-only, static form.

  • The archived materials of this TWiki (including pages, documents, links, content) are provided for historical purposes only.
  • They are not actively maintained.
  • They are provided "as is" as a public service.
  • They represent the "work in progress" efforts of a community of volunteer members of public working groups collaborating from late 2015 to February of 2020.
  • These archived materials do not necessarily represent official or peer-reviewed NIST documents nor do they necessarily represent official views or statements of NIST.
  • Unless otherwise stated these materials should be treated as historical, pre-decisional, artifacts of public working group activities only.
  • NIST MAKES NO WARRANTY OF ANY KIND, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY.
  • NIST does not warrant or make any representations regarding the correctness, accuracy, reliability or usefulness of the archived materials.

ARCHIVED VOTING TWIKI SITE MATERIALS

This wiki was a collaborative website. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these archived TWiki materials. Further, NIST does not endorse any commercial products that may be mentioned in these materials. Archived material on this TWiki site is made available to interested parties for informational and research purposes. Materials were contributed by Participants with the understanding that all contributed material would be publicly available.  Contributions were made by Participants with the understanding that that no copyright or patent right shall be deemed to have been waived by such contribution or disclosure. Any data or information provided is for illustrative purposes only, and does not imply a validation of results by NIST. By selecting external links, users of these materials will be leaving NIST webspace. Links to other websites were provided because they may have information that would be of interest to readers of this TWiki. No inferences should be drawn on account of other sites being referenced, or not referenced, from this page or these materials. There may be other websites or references that are more appropriate for a particular reader's purpose.

 

Created August 28, 2020, Updated February 5, 2021